CVE-2023-6943

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/vu/JVNVU95103362	Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02	Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf	Vendor Advisory
https://jvn.jp/vu/JVNVU95103362	Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02	Third Party Advisory US Government Resource
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mitsubishielectric:ezsocket::::::::
	cpe:2.3:a:mitsubishielectric:fr_configurator2::::::::
	cpe:2.3:a:mitsubishielectric:got1000::::::::
	cpe:2.3:a:mitsubishielectric:got2000::::::::
	cpe:2.3:a:mitsubishielectric:gx_works2::::::::
	cpe:2.3:a:mitsubishielectric:gx_works3::::::::
	cpe:2.3:a:mitsubishielectric:mc_works64::::::::
	cpe:2.3:a:mitsubishielectric:melsoft_navigator::::::::
	cpe:2.3:a:mitsubishielectric:mt_works2::::::::
	cpe:2.3:a:mitsubishielectric:mx_component::::::::

History

13 Feb 2025, 08:15

Type	Values Removed	Values Added
Summary	(en) Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.	(en) Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.

16 Jan 2025, 05:15

Type	Values Removed	Values Added
Summary	(en) Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.	(en) Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.

21 Nov 2024, 08:44

Type	Values Removed	Values Added
References	~~() https://jvn.jp/vu/JVNVU95103362 - Third Party Advisory~~	() https://jvn.jp/vu/JVNVU95103362 - Third Party Advisory
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02 - Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02 - Third Party Advisory, US Government Resource
References	~~() https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf - Vendor Advisory~~	() https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf - Vendor Advisory

01 Nov 2024, 09:15

Type	Values Removed	Values Added
Summary	(en) Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.	(en) Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products.

08 Feb 2024, 16:41

Type	Values Removed	Values Added
CPE		cpe:2.3:a:mitsubishielectric:melsoft_navigator:::::::: cpe:2.3:a:mitsubishielectric:gx_works3:::::::: cpe:2.3:a:mitsubishielectric:fr_configurator2:::::::: cpe:2.3:a:mitsubishielectric:got1000:::::::: cpe:2.3:a:mitsubishielectric:got2000:::::::: cpe:2.3:a:mitsubishielectric:mt_works2:::::::: cpe:2.3:a:mitsubishielectric:mx_component:::::::: cpe:2.3:a:mitsubishielectric:ezsocket:::::::: cpe:2.3:a:mitsubishielectric:mc_works64:::::::: cpe:2.3:a:mitsubishielectric:gx_works2::::::::
References	~~() https://jvn.jp/vu/JVNVU95103362 -~~	() https://jvn.jp/vu/JVNVU95103362 - Third Party Advisory
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02 - Third Party Advisory, US Government Resource
References	~~() https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf -~~	() https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf - Vendor Advisory
First Time		Mitsubishielectric got1000 Mitsubishielectric Mitsubishielectric gx Works2 Mitsubishielectric melsoft Navigator Mitsubishielectric gx Works3 Mitsubishielectric mx Component Mitsubishielectric fr Configurator2 Mitsubishielectric mt Works2 Mitsubishielectric ezsocket Mitsubishielectric mc Works64 Mitsubishielectric got2000

31 Jan 2024, 09:15

Type	Values Removed	Values Added
References		() https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-02 -

30 Jan 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-30 09:15

Updated : 2025-02-13 08:15

NVD link : CVE-2023-6943

Mitre link : CVE-2023-6943

CVE.ORG link : CVE-2023-6943

JSON object : View

Products Affected

mitsubishielectric

mt_works2
got2000
fr_configurator2
gx_works3
ezsocket
mc_works64
gx_works2
melsoft_navigator
mx_component
got1000

CWE

CWE-470

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

9.8 /10